Lost in the Fog: A New Ransomware Threat

June 7, 2024, 10:37 a.m.

Description

Arctic Wolf Labs began monitoring the deployment of a new ransomware variant called Fog in early May 2024. The attacks targeted organizations in the education and recreation sectors within the United States. Evidence suggests the threat actors gained initial access through compromised VPN credentials, then used credential dumping, lateral movement tools such as PsExec, and ransomware payloads capable of disabling defenses, encrypting data, and deleting backups. The actors appeared financially motivated, seeking rapid encryption and ransom payment rather than data exfiltration.

Date

  • Created: June 7, 2024, 10:34 a.m.
  • Published: June 7, 2024, 10:34 a.m.
  • Modified: June 7, 2024, 10:37 a.m.

Indicators


Attack Patterns

Additional Information

  • Education
  • United States of America

Linked vulnerabilities